In light of how personal information may be vulnerable to misuse when shared on the Internet, AB 375, the California Consumer Privacy Act of 2018, was signed into law on June 28, 2018, by California Governor Jerry Brown. The law is to take effect on January 1, 2020. Although it can be amended until then, there are some key provisions companies in California will want to be aware of.

1. Companies subject to this provision are companies:

a. Who have an annual gross revenue in excess of twenty-five million dollars ($25,000,000);

b. Who alone or in combination, annually buy, receive, sell, or share for commercial purposes, the personal information of fifty thousand (50,000) or more consumers; and

c. Who derive fifty percent (50%) or more of its annual revenues from selling consumers’ personal information.

2. The bill grants consumers the right to request a business to disclose the following:

a. The categories and specific pieces of personal information that it collects about the consumer;

b. The categories of sources from which that information is collected;

c. The business purposes for collecting or selling the information; and

d. The categories of third parties with which the information is shared.

3. The bill also grants a consumer the right to request deletion of personal information and requires the business to delete such information upon receipt of a verified request.

4. A business that receives a verifiable consumer request from a consumer to access personal information shall promptly take steps to disclose and deliver, the personal information free of charge to the consumer. A business may provide personal information to a consumer at any time, but shall not be required to provide personal information to a consumer more than twice in a twelve (12) month period.

5. The law permits consumers to opt out of the sale of personal information by a business and prohibits the business from discriminating against the consumer for exercising this right, including by charging the consumer who opts out a different price or providing the consumer a different quality of goods or services. However, there is an exception “if the difference is reasonably related to value provided by the consumer’s data,” a consumer may not be able to opt out.

6. Under this Act, companies are prohibited from the sale of personal data for individuals between the ages of thirteen (13) and sixteen (16) years old unless they specifically “opt in” by a parent or guardian who must provide consent.

7. Under this Act, consumers will have the right to undertake civil actions against a service in the event of a data breach or exposure. Businesses may be subject to damages ranging from one hundred dollars ($100) to seven hundred and fifty dollars ($750) per consumer per incident, or may be based on actual damages, whichever is greater.

The Australian Securities and Investment Commission (ASIC) released a statement May 1, 2018, informing companies that ASIC will take action against companies that sell digital or virtual tokens via initial coin offerings (ICOs) if their conduct or statements are misleading or deceptive. ASIC is currently issuing inquiries to ICO issuers and their advisors where ASIC identifies conduct or statements that are misleading or deceptive, especially in marketing material and White Papers. ASIC recommends that any company selling something to Australians, whether it is a financial product or a utility token, ensure they are in compliance with the Corporations Act 2001, and are properly licensed if necessary.

On April 6, 2018, the State Bank of Pakistan (SBP) advised that virtual currencies/coins/tokens are neither recognized as a legal tender, nor has SBP authorized or licensed any individual or entity for the issuance, sale, purchase, exchange, or investment in any virtual currency/coins/tokens in Pakistan. Further, banks, development finance institutions, microfinance banks, and payment system operators (PSOs)/payment service providers (PSPs) have been advised not to facilitate their customers/account holders to transact in virtual currencies or initial coin offerings (ICOs). Domestic and international payment and money transfer services in Pakistan are regulated by SBP under applicable laws. In this regard, no entity is currently licensed or authorized by SBP to offer money remittance services and products in Pakistan using virtual currencies/coins/tokens. Persons using virtual currencies/coins/tokens for the purpose of transferring value outside of Pakistan are subject to prosecution as per the applicable laws.

Gagnier Margossian LLP routinely provides legal representation of victims of online harassment, including all forms of cyber exploitation. Unfortunately, an occupational hazard of doing such work is that these perpetrators sometimes turn their tactics on our firm as counsel.

Recently, after successfully advocating for a client who has been maliciously harassed for nearly two years, the perpetrator has decided to turn her attention to one of our partners, Christina Gagnier. The firm has discovered at least one post that is, in the most generous of descriptions, patently defamatory, disgusting and outrageous.

Gagnier has served as a member of the Federal Communication Commission’s Consumer Advisory Committee and California Attorney General Kamala Harris’ Cyber-Exploitation Task Force. Christina has been a subject matter expert on Cyber Exploitation to California's Commission on Peace Officer Standards and Training (POST).

In addition to her practice, Gagnier is Adjunct Faculty at the University of California at Irvine School of Law, teaching privacy law and serving as clinical faculty for the Intellectual Property, Arts, and Technology Clinic, in which the Clinic creates resources for victims of online harassment. Christina further sits on the Board of Directors of Without My Consent, tackling issues like online harassment and revenge porn. She also recently worked on SB 157, which successfully passed in the California State Legislature.

Christina was also recently published in the most recent edition of Domestic Violence Report with her article “Cyber Exploitation and the Perpetration of Digital Abuse.” The irony does not escape this firm that Christina now finds herself a victim of the behavior she routinely fights against.

The team at GAMALLP wants to make it clear that we will not succumb to harassment in any form.

Bonus points for someone who may have also practiced U.S. privacy and data security law (federal and state). Experience with technology industries, issues lying at the intersection of government regulation and technology, or FTC policy and enforcement regarding privacy and data security issues is desirable. EU law experience, esp. GDPR familiarity, even more points.

Further bonus points for someone with experience as securities and finance counsel.

This opportunity is for an initial contract term position for the parties to figure out if it is the “right” fit. Salary commensurate with skill set and experience.

Location: SF, LA, OC, NYC, DC.

Please submit: Cover Letter (direct and well-written - why this sounds cool), Resume, Writing Sample(s), References (3), and any publicly available information relating to litigation or transactions the candidate may have worked on.